The network attacks are increasing both in frequency and intensity with the rapid growth of internet of things (IoT) devices. Recently, denial of service (DoS) and distributed denial of service (DDoS) attacks are reported as the most frequent attacks in IoT networks. The traditional security solutions like firewalls, intrusion detection systems, etc., are unable to detect the complex DoS and DDoS attacks since most of them filter the normal and attack traffic based upon the static predefined rules.

Categories:
851 Views

The Internet of things (IoT) has emerged as a topic of intense interest among the research and industrial community as it has had a revolutionary impact on human life. The rapid growth of IoT technology has revolutionized human life by inaugurating the concept of smart devices, smart healthcare, smart industry, smart city, smart grid, among others. IoT devices’ security has become a serious concern nowadays, especially for the healthcare domain, where recent attacks exposed damaging IoT security vulnerabilities. Traditional network security solutions are well established.

Categories:
917 Views

The Internet of Things (IoT) is reshaping our connected world, due to the prevalence of lightweight devices connected to the Internet and their communication technologies. Therefore, research towards intrusion detection in the IoT domain has a lot of significance. Network intrusion datasets are fundamental for this research, as many attack detection strategies have to be trained and evaluated using these datasets.

Categories:
593 Views

This is the dataset provided and collected while "Car Hacking: Attack & Defense Challenge" in 2020. We are the main organizer of the competition along with Culture Makers and Korea Internet & Security Agency. We are very proud of releasing these valuable datasets for all security researchers for free.

The competition aimed to develop attack and detection techniques of Controller Area Network (CAN), a widely used standard of in-vehicle network. The target vehicle of competition was Hyundai Avante CN7.

Instructions: 

1. Description

RoundTypeDescription# Normal# Attack# Rows
(Total)
PreliminaryTrainingNormal and four types of attacks dataset with class3,372,743299,4083,672,151
SubmissionNormal and four types of attacks dataset with class
(during the competition, without class)
3,358,210393,8363,752,046
FinalSubmissionNormal and five attacks (4 spoofings, 1 fuzzing) dataset with class
(during the competition, without class)
1,090,312179,9981,270,310
  • Preliminary round contains two status of the vehicle -- S: Stationary, D: Driving.
    In final round, only stationary status traffic was collected for safety reason.

  • All csv files have same headers: Timestamp (logging time), Arbitration_ID (CAN identifier), DLC (data length code), Data (CAN data field), Class (Normal or Attack), and SubClass (attack type) of each CAN message.

 

2. Class

Normal: Normal traffic in CAN bus.

Attack: Attack traffic injected. Four types of attacks are included -- Flooding, Spoofing, Replay, Fuzzing.

  • Flooding: Flooding attack aims to consume CAN bus bandwidth by sending a massive number of messages.

  • Spoofing: CAN messages are injected to control certain desired function.

  • Replay: Replay attack is to extract normal traffic at a specific time and replay (inject) it into the CAN bus.

  • Fuzzing: Random messages are injected to cause unexpected behavior of the vehicle.

 

3. Acknowledgement

This work was supported by Institute for Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2020-0-00866, Challenges for next generation security R&D).

Categories:
1442 Views

This dataset is from apache access log server. It contains: ip address, datetime, gmt, request, status, size, user agent, country, label. The dataset show malicious activity in IP address, request, and so on. You can analyze more as intrusion detection parameter.

Instructions: 

This dataset contains: ip address, datetime, gmt, request, status, size, user agent, country, label. Allowed traffic only from Indonesia, because the web is local purpose, so this dataset assume the traffic from abroad is prohobited.

Categories:
703 Views

Message Queuing Telemetry Transport (MQTT) protocol is one of the most used standards used in Internet of Things (IoT) machine to machine communication. The increase in the number of available IoT devices and used protocols reinforce the need for new and robust Intrusion Detection Systems (IDS). However, building IoT IDS requires the availability of datasets to process, train and evaluate these models. The dataset presented in this paper is the first to simulate an MQTT-based network. The dataset is generated using a simulated MQTT network architecture.

Instructions: 

The dataset consists of 5 pcap files, namely, normal.pcap, sparta.pcap, scan_A.pcap, mqtt_bruteforce.pcap and scan_sU.pcap. Each file represents a recording of one scenario; normal operation, Sparta SSH brute-force, aggressive scan, MQTT brute-force and UDP scan respectively. The attack pcap files contain background normal operations. The attacker IP address is “192.168.2.5”. Basic packet features are extracted from the pcap files into CSV files with the same pcap file names. The features include flags, length, MQTT message parameters, etc. Later, unidirectional and bidirectional features are extracted.  It is important to note that for the bidirectional flows, some features (pointed as *) have two values—one for forward flow and one for the backward flow. The two features are recorded and distinguished by a prefix “fwd_” for forward and “bwd_” for backward. 

 

Categories:
5765 Views

 

GPS spoofing and jamming are common attacks against the UAV, however, conducting these experiments for research can be difficult in many areas. This dataset consists of a logs from a benign flight as well as one where the UAV experiences GPS spoofing and jamming. The Keysight EXG N5172B signal generator is used to provide the true coordinates as a location in Shanghai, China.

Instructions: 

PX4 Autopilot v1.11.3 (https://px4.io) is used for all experiments, running on Pixhawk 4 flight controller (PX4_FMU_V5) and Pixhawk GPS receiver. The UAV frame is the Holybro S500. QGroundControl (v4.0.9) is used for GCS (http://qgroundcontrol.com). 

Full flight data is contained in ULOG files (https://dev.px4.io/v1.9.0/en/log/ulog_file_format.html)

CSV files are obtained by conversion using the ulog2csv script (https://github.com/PX4/pyulog/blob/master/pyulog/ulog2csv.py)

Categories:
4324 Views

These datasets are used to detect Intrusions in Controller Area Network (CAN) bus. Intrusions are detected using various Machine Learning and Deep Learning algorithms.

.

Categories:
922 Views

Collecting and analysing heterogeneous data sources from the Internet of Things (IoT) and Industrial IoT (IIoT) are essential for training and validating the fidelity of cybersecurity applications-based machine learning.  However, the analysis of those data sources is still a big challenge for reducing high dimensional space and selecting important features and observations from different data sources.

Categories:
3758 Views

The proliferation of IoT systems, has seen them targeted by malicious third parties. To address this challenge, realistic protection and investigation countermeasures, such as network intrusion detection and network forensic systems, need to be effectively developed. For this purpose, a well-structured and representative dataset is paramount for training and validating the credibility of the systems. Although there are several network datasets, in most cases, not much information is given about the Botnet scenarios that were used.

Categories:
7825 Views

Pages